In a Cyber-Physical System (CPS), the commonly deployed defences against cyber security threats are perimeter-based (firewalls, traffic shaping, intrusion detection and protection systems, etc.) and endpoint-based (antivirus). However, these defences are largely ineffective against zero-day attacks, new viruses, malicious insiders, human error, unencrypted communication, and unsecured mobile devices and networks that can be breached.
This research attempts to develop an Intelligent Anomaly Detection System (IADS) that detects anomalies in a CPS that is compromised by the above-mentioned vulnerabilities. Traditional Intrusion Detection Systems (IDS) are incapable of identifying an anomaly when the attacker has already breached the network and has the ability to affect the operation of the CPS.
This research proposal moves away from traditional IDS, which are enterprise network systems that monitor network traffic for known vulnerabilities. The IADS will instead employ machine learning to analyse the data from all field sensors, as stored in one or more historians or data acquisition servers (DAServer), to identify anomalous behaviour within a CPS.